<?php
require_once 'conn.php';
checkLogin();

// 获取订单ID
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$keys = urlencode($_GET['keys'] ?? '');
$page = $_GET['page'] ?? 1;

// 验证参数
if ($id <= 0) {
    echo "<script>alert('无效的订单ID');location.href='order.php?keys=$keys&Page=$page';</script>";
    exit;
}

// 验证订单所有权（只能删除自己的订单）
$employee_id = $_SESSION['employee_id'];
$isAdmin = checkIfAdmin();

$checkSql = "SELECT id FROM orders WHERE id = $id";
if (!$isAdmin) {
    $checkSql .= " AND employee_id = $employee_id";
}

$checkResult = mysqli_query($conn, $checkSql);

if (mysqli_num_rows($checkResult) === 0) {
    echo "<script>alert('订单不存在或您没有权限删除该订单');location.href='order.php?keys=$keys&Page=$page';</script>";
    exit;
}

// 开始事务处理
mysqli_autocommit($conn, FALSE);
$error = false;

try {
    // 先删除订单项目
    $deleteItemsSql = "DELETE FROM order_items WHERE order_id = $id";
    if (!mysqli_query($conn, $deleteItemsSql)) {
        throw new Exception("删除订单项目失败: " . mysqli_error($conn));
    }
    
    // 删除订单主表
    $deleteOrderSql = "DELETE FROM orders WHERE id = $id";
    if (!$isAdmin) {
        $deleteOrderSql .= " AND employee_id = $employee_id";
    }

    if (!mysqli_query($conn, $deleteOrderSql)) {
        throw new Exception("删除订单失败: " . mysqli_error($conn));
    }
    
    // 提交事务
    mysqli_commit($conn);
    echo "<script>alert('订单删除成功');location.href='order.php?keys=$keys&Page=$page';</script>";
} catch (Exception $e) {
    // 回滚事务
    mysqli_rollback($conn);
    echo "<script>alert('删除订单时发生错误: " . $e->getMessage() . "');location.href='order.php?keys=$keys&Page=$page';</script>";
}

// 恢复自动提交
mysqli_autocommit($conn, TRUE);
exit;
?>